bob111
Contributor

Https Inspection Internet Object

Hey guys,
In the HTTPS Inspection policy there is an object called Internet. I can guess from the name what it means, but what is it actually? Is it like Any? Also, I saw somewhere that said that using the Internet object determines whether the traffic is considered inbound or outbound, which sounds weird. Is that true?

0 Kudos
7 Replies
bob111
Contributor

Also, is there a difference between inbound and outbound, or does it just depend on the certificate you put in the certificate column of a certain rule?

0 Kudos
AkosBakos
Advisor

Hi @bob111 

The Internet object in the Application Control & URL Filtering policy actually only applies to traffic that's leaving an interface marked as external.

https://community.checkpoint.com/t5/Management/quot-Internet-quot-object-Internet/m-p/21030#M16513

0 Kudos
bob111
Contributor

Thanks! Do you know when traffic is considered outbound or inbound in HTTPS Inspection? Is it just according to the certificate you put in a rule?

0 Kudos
AkosBakos
Advisor

Hi,

I don’t think that the cert influences the direction of the traffic.

0 Kudos
AkosBakos
Advisor

Hi @bob111 

And the official SK: https://support.checkpoint.com/results/sk/sk64543

"Internet" means "include all traffic from Internal directed to External or DMZ according to gateway topology".

 

the_rock
Legend

Internet object strictly means ONLY external IP addresses. Unlike Any, which means both internal/external.

Personally, I use the Internet object for the URLF ordered layer, though it can be used in any layer where the URLF blade is enabled in the policy layer settings.

Makes sense?

Andy

0 Kudos
bob111
Contributor

Thanks for the reply! I understand, but what is considered external to the firewall?
From what I gathered about the HTTPS Inspection feature, inbound and outbound inspection behave differently: inbound uses the server certificate of the internal server, and outbound uses the outbound CA certificate on the firewall to decrypt and encrypt the TLS connection. This is from the Check Point docs:

  • Outbound HTTPS Inspection - To protect against malicious traffic that is sent from an internal client to an external site or server.
  • Inbound HTTPS Inspection - To protect internal servers from malicious requests that arrive from the Internet or an external network.

But when does the firewall treat the traffic as inbound and when as outbound? That is what I don't understand.

 
